
Videos buffer endlessly, sites won't open, computer freeze [Closed]


  • This topic is locked

#1
TheDEvilElvis

My PC will freeze up, then when I try to reboot it says to boot CD, but after 10 minutes or so it will let me boot normally. It is also taking a long time to open sites or it will tell me that it couldn't connect. Also my tower will start making a noise like it's running a CD but there is no CD in the drive. What's next, a shoe pop out and kick me in the gigabytes? :blink: Sorry. I have system restored...no good. Please help me Geeks to go!

Thanks,

TheDevilElvis

Here is my OTL log:

OTL Extras logfile created on: 1/15/2013 4:18:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.39% Memory free
4.21 Gb Paging File | 2.45 Gb Available in Paging File | 58.05% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 176.57 Gb Free Space | 61.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" /add "%1" (mpc-hc@Sourceforge)
Directory [mplayerc.play] -- "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" "%1" (mpc-hc@Sourceforge)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2397933872-373845246-1896838716-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2397933872-373845246-1896838716-1002]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2397933872-373845246-1896838716-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A1689F-CAD7-4B21-BCE8-C86793CE3775}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2D02C8F8-DD72-48B0-A2ED-DD119FCD871C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3321E5E0-482F-4E4C-9845-B28F8A8898B0}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{38CFE232-59D8-474A-9F72-77EDEB881557}" = rport=10243 | protocol=6 | dir=out | app=system |
"{496E583C-F190-40AE-B696-DF6D65B64505}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7817E8E5-1072-43A1-9DE3-140A56F24755}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{907D56FB-A231-425F-83F0-D17E44B4FEA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91B9A662-4091-4370-B7D4-69FD4C4536AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A78F7DF1-C357-4D67-97A1-8674EFB34C1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B87312F7-2D61-4D36-81FD-1D382331E209}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{BB1A594A-6B1D-468F-8217-56CDFEF79CDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4E4AC84-6713-4AE4-9C9D-55E5587ABC0E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{CBDAB788-82B0-4937-A3A9-1E48EFA88051}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D1D33499-86B8-4645-A762-C149BF2E52DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0EE5DCC-646D-4B0B-A96E-F9CD583A65E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04903739-6F94-4E7F-AE95-25FEEFD3C4DF}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{08CF0B8D-6ACD-4D77-836B-ACC33F3F91F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{0C6EAA93-B471-467E-A0E4-13E4EDA21218}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{12B993D2-40B4-4151-9C07-959DAF5B4484}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{13D97E2D-418B-4CB4-8D69-85A5D875C6D0}" = protocol=6 | dir=out | app=system |
"{14B351C4-2036-4276-8FF1-DB3342A15ACC}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{18C1A10A-B4F0-4429-89AD-A5FBCB25A107}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1B134B88-CBC5-4AF0-A01D-4606D33C51E9}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{1DE5BA4A-1577-4F4F-AE4F-48E9D39AD7FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F81564B-4124-4B6A-8E8A-4257AFAB99CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{207B0399-459F-4A6B-AD96-40A21977633D}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{2803BFC0-F0B1-4825-90C2-635344B616BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{289CFEBF-1766-4082-8268-BCD87C2CD296}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"{2A294F9D-40E2-41A2-839F-227F92DEA4E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{2EE81FF6-5978-4B7F-BA2A-57CCDBDE0AE4}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{2EFACA84-8A60-4F1C-8943-23C678A409E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3ADF49EA-C592-42A1-B77F-BDEE93B3514E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4043FCA9-8EE3-4F7A-AD23-583C87E877D0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{42EF0695-D14E-46C0-A832-99E0D87157F5}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{483C8D11-51CB-4EBA-94CB-F2334085B8D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{4D0132C7-8E36-4E59-BB91-E1768841AD40}" = protocol=17 | dir=in | app=c:\users\e\appdata\roaming\yahoo!\messenger\yahoomessenger.exe |
"{4FF2DE69-6EBC-4C62-8618-62C175B39C8A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{506DE445-80B4-4835-B0E3-61F81631F3BD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54070E37-E3A4-4B6E-B012-014351E722E8}" = protocol=6 | dir=in | app=c:\users\e\appdata\roaming\yahoo!\messenger\yahoomessenger.exe |
"{56CF116D-7FA9-4FDC-9AFF-6454309E0A96}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"{57C7C535-AF17-4229-A2A3-2DD37CA24869}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5DBFEE09-A196-4E79-8843-E0354B29860C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{657F6220-2D88-4E93-B875-B987D367FCDD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6EC4BA41-AADE-469C-8409-385D386FA35E}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"{7000F34F-88BF-4BE7-9398-E786CCEBFB86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{71F1FD56-0721-4670-80FF-00892F3D42DC}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{73B5A1AC-B085-4C1F-8903-F50226330763}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{76E7C63B-64F1-407C-AE99-12482AD1EE99}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{7A04F05C-BEF8-41C1-A179-DB2C2F514F74}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7A238111-2F6A-4A4D-AAAD-C9DEDDC2E19D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7B4A18C5-666A-424C-80DC-625C856DFC3F}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7F0821C9-806C-4E07-9A56-0120D9A70E54}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{80C68843-72BE-4931-A55A-BBDD24EF62A3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{8200ED66-3962-4EBE-8BB7-BCCD9714BA8B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{822E237C-EB5C-4FA8-8481-A2395D0F43D1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{83059BE0-ABAA-4D20-BFF8-170FF596BED7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8475E7F8-F263-48AF-AE59-4135BBBCA405}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{88559D8D-3A9F-4927-8499-5A051C560624}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{8BF438CC-6366-48CC-9E13-50B1A11385D8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8CF2D8F0-9904-481C-9EC1-2FE8674FBE40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{948B0644-B280-40FE-810B-CCA0CE2EC06B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97FEF799-174F-4D96-B0C3-13BE4F326549}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9814F15A-33A3-4D0A-AE5D-C3F82D84008D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{9A142589-8A41-4531-97E7-E75177225A47}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{9B411A9B-C639-4A13-AC80-2A25B8FE69F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9CE9B02F-C854-48BB-BD8B-0ACE9149FA7F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{9DD02436-9039-45E0-816D-15191E3DCCDE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A29605D6-6887-4766-96A9-D1BFF6609D33}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A47E2786-2276-4997-A15B-ECDBBB267673}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A93FE8BB-AEFD-4DAB-AEED-3E3514AEE243}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AB404FC3-C66D-4708-B9EF-1D6EA170FE97}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ADE90AAF-2CC5-4A82-A463-D830AA5195CB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AF025CBB-1C8F-433C-BF7F-033AA2D17130}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B621CFD0-42B4-48E8-81A9-9F66ECA190A7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{BB3B2274-A2D6-4C9B-9624-06219169CCB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB60E535-8534-4A39-BCF7-1E0256494792}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{BC8C698B-ABF4-4463-8C5A-01E791D46799}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCD60C5C-802E-4F88-8505-CA61D6BC4882}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{BCE7AA5A-DE09-462F-86FD-6BC2239105B5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BD84941A-BD17-4F81-B16D-5383B3820287}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C96B3D7E-18D4-42F3-A6D9-8195C66079E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{CB8418CD-CFC6-4D70-8DD3-FFBF34437A34}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{D2985840-6759-43F4-8C4D-8248892112DD}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"{D39E345E-D11F-4888-89E0-2415BC93F038}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{D864F67D-4EE6-4753-8079-379C89475206}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D97E4E71-15BB-4CBC-AA72-BD6A36FA04B2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{DE95408F-7335-4A18-8385-B2EB2E68EB94}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E2E6D4A4-1EC1-435E-B46D-5A239B99A1CB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E300E72B-0BB2-4EAA-9324-78618AE1661E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{E4D4752F-6896-4D75-A7D1-F49398D548EE}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{EB89E25B-5792-409E-BF96-76D01727C347}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F1246725-4691-47AF-A5E7-2401667991AF}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{F4097433-991C-42C9-8C24-8234EC811EB7}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"TCP Query User{395EA397-8C94-41FC-B044-67A266BBBB73}C:\users\e\appdata\roaming\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\users\e\appdata\roaming\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{9719D53F-04B3-4CD8-B328-D40EF4B80F6C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A9A55E79-B422-4DF3-855D-0DD543C2B75C}C:\program files\uniden surveillance system\uniden surveillance system.exe" = protocol=6 | dir=in | app=c:\program files\uniden surveillance system\uniden surveillance system.exe |
"TCP Query User{C8A366E8-7244-47F7-969F-82293FCE286B}C:\program files\uniden surveillance system\uniden surveillance system.exe" = protocol=6 | dir=in | app=c:\program files\uniden surveillance system\uniden surveillance system.exe |
"TCP Query User{D2F941DD-A934-46CA-850A-24B1679B3CFB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D65BAA46-B789-4213-8E8C-C06300B962DD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3BA25DBA-82BB-4B51-9EC1-F70F30B67FBA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{57163AE6-6362-4733-89D0-D79101A3E4A3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{96005202-4FA0-406B-8C4B-66AA8610D536}C:\program files\uniden surveillance system\uniden surveillance system.exe" = protocol=17 | dir=in | app=c:\program files\uniden surveillance system\uniden surveillance system.exe |
"UDP Query User{96443034-1A26-44B6-BA60-7190A1898FC4}C:\program files\uniden surveillance system\uniden surveillance system.exe" = protocol=17 | dir=in | app=c:\program files\uniden surveillance system\uniden surveillance system.exe |
"UDP Query User{B6069C78-AB16-4595-BC11-A5E10217B194}C:\users\e\appdata\roaming\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\users\e\appdata\roaming\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{DABF7854-32A0-4EF1-8D85-BCEC0468E45D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{09009D46-91A2-40D2-B1EA-D41A41B06E33}" = AVG 2012
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 27
"{26B5AD79-EE99-4E17-93A6-AF215E3A81E9}" = VC90_CRT_x86
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3016F4D6-A41E-42EE-A70F-CD69F38D47C8}" = HOT ALBUM MYBOX
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47D73AFC-EC15-4B22-96D8-FC4487EBBE57}" = Intel® Network Connections 17.1.55.0
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66712EEE-ECBC-4CA6-A474-youtube-downloader-and-~EF55A6A4_is1" = Solid YouTube Downloader and Converter 4.9.9
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84C34368-0C06-4880-9095-474609A8E770}" = Sony Preset Manager 2.0e
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}" = Cricket EVDO Modem
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C89180-E3B6-4451-A788-0BDC8A5EF34A}_is1" = Horseshoes
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6A128D8-6636-4293-BC1A-041B65A9E139}" = Digital Wireless Camera
"{B6FE57E6-E454-4F2A-94A0-87707FE190EF}" = Cricket Broadband
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DD350F3A-3620-4185-A5E2-88A6437C8415}" = SlimDrivers
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E47D2974-AA5E-FlvMP3-B984-3CA48DFA2849}_is1" = FLAV FLV to MP3 Converter 2.58.15
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1" = Uniden Surveillance System 5.0.0.289
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E8F664-CAC6-4104-A4F9-4373F0633495}" = Acronis Disk Director Server
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}" = Sony Sound Forge Audio Studio 9.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"135D0C8BC13A45369E2154E1FAC3FB2C47755A80" = Windows Driver Package - OEM (mr8980) Image (04/20/2007 1.0.0.0)
"3-IN-A-BED World League_is1" = 3-IN-A-BED World League Version 19.0
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe 2.0" = Adobe PhotoDeluxe 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Altnet Music Plugin_is1" = Altnet Music Plugin
"Any Video Converter_is1" = Any Video Converter 3.1.0
"AVG" = AVG 2012
"AVG PC TuneUp" = AVG PC TuneUp
"Belarc Advisor" = Belarc Advisor 8.1
"BetOnLine Client" = BetOnline Client (remove only)
"BetOnline Poker" = BetOnline Poker
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"Cricket Broadband CROSSWAVE" = Cricket Broadband CROSSWAVE
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Game Booster_is1" = Game Booster
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{3016F4D6-A41E-42EE-A70F-CD69F38D47C8}" = HOT ALBUM MYBOX
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"king.com" = king.com (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.6
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Nero8110_Micro_is1" = Nero 8 Micro v8.1.1.0
"PCHand Screen Capture_is1" = PCHand Screen Capture 1.8.0.2
"PCHand Screen Recorder_is1" = PCHand Screen Recorder 1.8.5.3
"PROSetDX" = Intel® Network Connections 17.1.55.0
"PUBLISHER" = Microsoft Office Publisher 2007
"RealPlayer 15.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Smart Defrag 2_is1" = Smart Defrag 2
"TVWiz" = Intel® TV Wizard
"ULTIMATER" = Microsoft Office Ultimate 2007
"UltraISO_is1" = UltraISO Premium V9.0
"Unlocker" = Unlocker 1.8.7
"VideoSlurp YouTube Downloader_is1" = VideoSlurp YouTube Downloader v1.56
"VoiceExplorer2005® " = VoiceExplorer2005®
"webcam 7" = webcam 7
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2012 12:19:47 PM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x01d3a2b8, process id 0xb50, application
start time 0x01cde384c435f729.

Error - 12/31/2012 3:31:32 AM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, exception code 0xc0000417, fault offset 0x0002c0b7, process
id 0xaa0, application start time 0x01cde728c7bd8039.

Error - 1/2/2013 6:22:34 AM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, exception code 0xc0000417, fault offset 0x0002c0b7, process
id 0xb2c, application start time 0x01cde8d303e3c119.

Error - 1/3/2013 7:50:40 PM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.6001.7000, time stamp
0x47919370, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6,
exception code 0x0000046b, fault offset 0x0003fc16, process id 0x860, application
start time 0x01cde99d7f272d78.

Error - 1/4/2013 1:29:02 PM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x00a0a2b8, process id 0xb70, application
start time 0x01cdeaa0e7ad3ce0.

Error - 1/5/2013 6:49:40 PM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0073a2b8, process id 0xb6c, application
start time 0x01cdeb96dc8bc4ea.

Error - 1/7/2013 5:31:00 AM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module rpshellextension.dll, version 15.0.6.14, time stamp
0x501308b2, exception code 0xc0000005, fault offset 0x00012856, process id 0x2354,
application start time 0x01cdecb994c798f6.

Error - 1/7/2013 10:35:35 AM | Computer Name = SqueekyPete | Source = Windows Search Service | ID = 3024
Description =

Error - 1/15/2013 6:46:11 AM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, exception code 0xc0000005, fault offset 0x00025df4, process
id 0xac8, application start time 0x01cdf30d70eddd44.

Error - 1/15/2013 10:02:16 AM | Computer Name = SqueekyPete | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4000.108,
time stamp 0x5035f6ab, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x01f21038, process id 0x15d8, application
start time 0x01cdf328e3adf2a4.

[ Media Center Events ]
Error - 4/22/2012 8:54:22 AM | Computer Name = SqueekyPete | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154

Error - 4/22/2012 8:54:24 AM | Computer Name = SqueekyPete | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 4/22/2012 8:54:24 AM | Computer Name = SqueekyPete | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80131534

Error - 4/22/2012 8:54:24 AM | Computer Name = SqueekyPete | Source = Media Center Guide | ID = 0
Description = Event Info: Error reprocessing guide: System.TypeInitializationException:
Type constructor threw an exception. at ehiProxy.ResourceMgrClass.GetEhepgdat(IEhepgdat&
ppEhepgdatDisp) at Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat()
at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry[T](EhepgdatCaller`1
x) at Microsoft.Ehome.Epg.Guide.ReprocessGuideImp() Process: DefaultDomain Object
Name: Media Center Guide

Error - 4/22/2012 8:54:24 AM | Computer Name = SqueekyPete | Source = Media Center Guide | ID = 0
Description = Event Info: Error: Failed to reprocess guide! Process: DefaultDomain
Object
Name: Media Center Guide

Error - 4/22/2012 8:56:13 AM | Computer Name = SqueekyPete | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154

Error - 4/22/2012 8:56:14 AM | Computer Name = SqueekyPete | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 4/22/2012 8:56:14 AM | Computer Name = SqueekyPete | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80131534

Error - 4/22/2012 8:56:14 AM | Computer Name = SqueekyPete | Source = Media Center Guide | ID = 0
Description = Event Info: Error reprocessing guide: System.TypeInitializationException:
Type constructor threw an exception. at ehiProxy.ResourceMgrClass.GetEhepgdat(IEhepgdat&
ppEhepgdatDisp) at Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat()
at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry[T](EhepgdatCaller`1
x) at Microsoft.Ehome.Epg.Guide.ReprocessGuideImp() Process: DefaultDomain Object
Name: Media Center Guide

Error - 4/22/2012 8:56:14 AM | Computer Name = SqueekyPete | Source = Media Center Guide | ID = 0
Description = Event Info: Error: Failed to reprocess guide! Process: DefaultDomain
Object
Name: Media Center Guide

[ OSession Events ]
Error - 5/9/2010 11:00:22 PM | Computer Name = SqueekyPete | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/9/2010 11:00:41 PM | Computer Name = SqueekyPete | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/15/2013 5:30:41 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2013 5:31:11 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7009
Description =

Error - 1/15/2013 5:31:11 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2013 5:31:49 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7009
Description =

Error - 1/15/2013 5:31:49 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2013 5:39:46 PM | Computer Name = SqueekyPete | Source = HTTP | ID = 15021
Description =

Error - 1/15/2013 5:40:40 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7009
Description =

Error - 1/15/2013 5:40:40 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2013 5:40:40 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7023
Description =

Error - 1/15/2013 5:41:31 PM | Computer Name = SqueekyPete | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#2
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • 18 posts
Oh also I have this AVG PC Tune Up thing that I can't get off my PC. I use AVG anti virus but this is different. Thanks again.

~TDE~

#3
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello TheDEvilElvis and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hello,
Sorry your post was missed. Probably because you replied to yourself and most of us look for zero replies.
Also, you posted the extras.txt log only.
If you still need help please do the following:

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log it produces in your next reply.

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the [Scan] button to start scan

On completion of the scan click [Save log], save it to your desktop and post in your next reply

Step 3
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • OTL custom scan log
  • aswMBR log file
  • checkup.txt log file


#4
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • 18 posts
Thanks Crowbar! Here are my logs.

OTL Log:

OTL logfile created on: 1/20/2013 1:53:55 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.96% Memory free
4.21 Gb Paging File | 2.68 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 175.31 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\e\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()


========== Services (SafeList) ==========

SRV - (svcboot_joobidf) -- C:\Windows\system32\byrbzqbb\svcboot_joobidf.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (utq1ndux) -- C:\Windows\system32\Drivers\utq1ndux.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (GFI Software)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (GFI Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2304157
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=849092562
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/12 07:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/11 12:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 22:55:14 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/22 19:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/12/02 22:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/30 13:56:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://www.claro-sea...00008863bb41ee0
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.claro-sea...00008863bb41ee0
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/16 15:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 16:04:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 15:41:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 15:41:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 15:39:31 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/13 03:08:09 | 000,000,000 | ---D | C] -- C:\c05960a737139d671f
[2013/01/09 03:07:48 | 000,000,000 | ---D | C] -- C:\32f0ebe972e95259aa8cc8
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/20 02:03:43 | 004,037,040 | ---- | M] () -- C:\Users\e\Documents\Unconfirmed 401108.crdownload
[2013/01/20 02:00:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/01/20 02:00:00 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/01/20 01:28:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 01:22:22 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 01:15:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/01/20 01:14:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 01:13:23 | 106,829,992 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/20 01:09:38 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 01:09:38 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 01:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 01:08:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/01/19 11:16:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/18 17:30:14 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/18 17:30:14 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/18 17:15:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/01/17 18:49:36 | 000,725,538 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 15:39:32 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/15 13:00:57 | 000,031,093 | ---- | M] () -- C:\Users\e\Documents\clown.jpg
[2013/01/14 20:33:41 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/13 04:01:32 | 000,536,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 18:58:31 | 000,161,434 | ---- | M] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:54:04 | 000,053,519 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:39 | 000,315,781 | ---- | M] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:32 | 000,909,167 | ---- | M] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:25 | 000,068,117 | ---- | M] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:09 | 000,129,427 | ---- | M] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 15:55:16 | 000,068,405 | ---- | M] () -- C:\Users\e\Documents\hand.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | M] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | M] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | M] () -- C:\Users\e\Documents\self01.jpg
[2013/01/05 22:24:55 | 000,025,184 | ---- | M] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | M] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:56 | 000,027,461 | ---- | M] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:41 | 000,339,877 | ---- | M] () -- C:\Users\e\Documents\insane1.jpg
[2013/01/04 07:25:15 | 000,445,016 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130115-080926.backup
[2013/01/04 03:33:42 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 14:00:35 | 000,172,780 | ---- | M] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | M] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:53 | 000,124,112 | ---- | M] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/24 01:22:35 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/12/23 09:11:19 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/12/23 09:08:40 | 000,169,472 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/20 01:54:14 | 003,074,348 | ---- | C] () -- C:\Users\e\Documents\Unconfirmed 401108.crdownload
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:41:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 15:41:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 15:41:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 15:41:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 15:41:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 13:00:54 | 000,031,093 | ---- | C] () -- C:\Users\e\Documents\clown.jpg
[2013/01/10 18:58:31 | 000,161,434 | ---- | C] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:53:55 | 000,053,519 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:32 | 000,315,781 | ---- | C] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:25 | 000,909,167 | ---- | C] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:24 | 000,068,117 | ---- | C] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:07 | 000,129,427 | ---- | C] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | C] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | C] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | C] () -- C:\Users\e\Documents\self01.jpg
[2013/01/07 14:44:09 | 000,068,405 | ---- | C] () -- C:\Users\e\Documents\hand.jpg
[2013/01/05 22:24:54 | 000,025,184 | ---- | C] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | C] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:55 | 000,027,461 | ---- | C] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:33 | 000,339,877 | ---- | C] () -- C:\Users\e\Documents\insane1.jpg
[2012/12/28 14:00:30 | 000,172,780 | ---- | C] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | C] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:45 | 000,124,112 | ---- | C] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/08/21 03:19:19 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/08/21 03:19:19 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,169,472 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/29 22:08:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Ad-Aware Antivirus
[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/09/26 10:47:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG2012
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 03:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 01:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 01:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 00:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 00:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 01:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 18:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 00:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 09:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 01:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 00:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 01:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 00:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 00:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 01:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 01:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 01:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 01:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 00:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 08:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 00:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 01:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 00:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 01:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 00:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 10:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 00:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 12:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 00:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 00:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 00:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 01:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 00:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 00:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 00:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 00:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 00:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 00:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 13:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 05:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >


========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:7578EF04
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7311BB85
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:06178D1C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Here is my aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 02:22:08
-----------------------------
02:22:08.758 OS Version: Windows 6.0.6002 Service Pack 2
02:22:08.758 Number of processors: 2 586 0xF0D
02:22:08.760 ComputerName: SQUEEKYPETE UserName: e
02:22:10.137 Initialize success
02:22:14.257 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:22:14.261 Disk 0 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
02:22:14.272 Disk 0 MBR read successfully
02:22:14.275 Disk 0 MBR scan
02:22:14.279 Disk 0 Windows VISTA default MBR code
02:22:14.283 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
02:22:14.295 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
02:22:14.306 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294956 MB offset 21069824
02:22:14.316 Disk 0 scanning sectors +625139712
02:22:14.405 Disk 0 scanning C:\Windows\system32\drivers
02:22:24.638 Service scanning
02:22:42.445 Modules scanning
02:22:49.457 Disk 0 trace - called modules:
02:22:49.491 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
02:22:49.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867859b0]
02:22:49.849 3 CLASSPNP.SYS[895c38b3] -> nt!IofCallDriver -> [0x8660a520]
02:22:49.857 5 acpi.sys[83aa36bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85858528]
02:22:49.865 Scan finished successfully
02:24:24.762 Disk 0 MBR has been saved successfully to "C:\Users\e\Documents\MBR.dat"
02:24:24.778 The log file has been saved successfully to "C:\Users\e\Documents\aswMBR.txt"

Checkup log:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
CA Yahoo! Anti-Spy (remove only)
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
CCleaner
Java™ 6 Update 27
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 13.0.782.112
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Ad-Aware Antivirus SBAMSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#5
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello -

First thing I see is that you have more than one anti-virus program running. This is never a good configuration; it will actually make you less secure.
I will post my recommendations for this after we do some cleaning up.
AVG
adaware AV


Registry Cleaners -
I do not recommend the use of any tools that claim to clean or optimize the registry.
At best these tools will do nothing, at worst they can break your computer to the point that it is no longer bootable:
iobit advanced system care.
webroot washer
ccleaner

It appears to me that you have run combofix in the past, if this was done recently please post the combofix log file.

For your anti malware programs - you seem to have a lot and some are quite old. I recommend uninstalling all of them, except for Malwarebytes. If you are looking for extra protection on top of malwarebytes, perhaps try WinPatrol, it's a very good utility.

I also see that you have traces of the Sunbelt firewall, probably bundled with the other sunbelt (GFI) software you have installed. Only one firewall is necessary, and since the Sunbelt one is quite old, let's stick with the Windows Firewall.

So, let's get started:
Step 1
Please start Chrome
Click the Chrome menu on the browser toolbar.
Select Settings.
Set your homepage
When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
Please change the homepage to anything but claro-search.com which is what it is set to now.

Step 2
Please uninstall these programs:
adaware - including the anti-virus
iobit advanced system care
webroot washer
ccleaner
sunbelt counter spy
Anything else from Sunbelt
Anything else from GFI

Step 3
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    SRV - (svcboot_joobidf) -- C:\Windows\system32\byrbzqbb\svcboot_joobidf.dll File not found
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2304157
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=849092562
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
    [2012/12/02 22:55:39 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2010/06/30 13:56:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:7578EF04
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7311BB85
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:06178D1C
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 4
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 5
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

In your next reply I would like to see:
  • OTL fix log
  • combofix log from previous run, if recent
  • ADWcleaner log
  • New OTL scan log file
  • how is the computer after doing all this?

  • 0
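A triage sketch for the kind of log reading done in the post above, added here as an example (it is not part of the thread and not part of OTL): it parses the PRC/SRV/DRV lines of an OTL log, lists service and driver registrations whose file is missing, and reports which anti-virus products have running processes. The sample lines are copied from the log posted in this thread; the function names and the `AV_PATH_FRAGMENTS` list are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the OTL log posted in this thread (a subset, not a full log).
SAMPLE_LOG = r"""
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
SRV - (svcboot_joobidf) -- C:\Windows\system32\byrbzqbb\svcboot_joobidf.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
DRV - (utq1ndux) -- C:\Windows\system32\Drivers\utq1ndux.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (GFI Software)
"""

MISSING_SUFFIX = " File not found"
PRC_RE = re.compile(r"^PRC - (?P<rest>.+)$")
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>.*?)\) -- (?P<rest>.+)$")

# Assumption for this example: lower-case path fragments identifying the two
# anti-virus products named in the post above. Extend for other products.
AV_PATH_FRAGMENTS = {
    "AVG": "\\avg\\avg2012\\",
    "Ad-Aware Antivirus": "\\ad-aware antivirus\\",
}


@dataclass
class Entry:
    kind: str                 # PRC, SRV or DRV
    name: Optional[str]       # service/driver name; None for processes
    path: str
    company: Optional[str]    # None when the file is missing
    missing: bool


def split_trailing_parens(text: str) -> Tuple[str, Optional[str]]:
    """Split 'path (Company)' by matching the final parenthesis backwards,
    so 'Program Files (x86)' and nested company names are handled."""
    text = text.rstrip()
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1].strip()
    return text, None


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = SVC_RE.match(line)
    if m:
        kind, name, rest = m.group("kind"), m.group("name"), m.group("rest")
    else:
        m = PRC_RE.match(line)
        if not m:
            return None  # not a PRC/SRV/DRV line, or too garbled to parse
        kind, name, rest = "PRC", None, m.group("rest")
    if rest.endswith(MISSING_SUFFIX):
        return Entry(kind, name, rest[:-len(MISSING_SUFFIX)].rstrip(), None, True)
    path, company = split_trailing_parens(rest)
    return Entry(kind, name, path, company, False)


def parse_otl(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Service/driver registrations that point at a file that no longer exists."""
    return [e for e in entries if e.kind in ("SRV", "DRV") and e.missing]


def running_av_products(entries: List[Entry]) -> List[str]:
    """Anti-virus products (per AV_PATH_FRAGMENTS) with at least one running process."""
    found = set()
    for e in entries:
        if e.kind != "PRC":
            continue
        lowered = e.path.lower()
        for product, fragment in AV_PATH_FRAGMENTS.items():
            if fragment in lowered:
                found.add(product)
    return sorted(found)


if __name__ == "__main__":
    entries = parse_otl(SAMPLE_LOG)
    for e in orphaned(entries):
        print(f"orphaned {e.kind}: {e.name} -> {e.path}")
    av = running_av_products(entries)
    if len(av) > 1:
        print("more than one anti-virus running:", ", ".join(av))
```

An orphaned entry only means the registered file is gone; whether it is a leftover from an uninstalled program or from something removed by an earlier cleanup still has to be judged by a person reading the log.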

#6
TheDEvilElvis

  • Topic Starter
Crowbar, Thanks for the time so far. Here are the two OTL logs but I can't seem to find the Adwcleaner or the Combofix logs. Should I run them again?


OTL Log:

OTL logfile created on: 1/20/2013 1:53:55 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.96% Memory free
4.21 Gb Paging File | 2.68 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 175.31 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\e\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()


========== Services (SafeList) ==========

SRV - (svcboot_joobidf) -- C:\Windows\system32\byrbzqbb\svcboot_joobidf.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (utq1ndux) -- C:\Windows\system32\Drivers\utq1ndux.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (GFI Software)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (GFI Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2304157
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=849092562
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/12 07:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/11 12:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 22:55:14 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/22 19:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/12/02 22:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/30 13:56:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://www.claro-sea...00008863bb41ee0
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.claro-sea...00008863bb41ee0
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/16 15:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 16:04:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 15:41:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 15:41:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 15:39:31 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/13 03:08:09 | 000,000,000 | ---D | C] -- C:\c05960a737139d671f
[2013/01/09 03:07:48 | 000,000,000 | ---D | C] -- C:\32f0ebe972e95259aa8cc8
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/20 02:03:43 | 004,037,040 | ---- | M] () -- C:\Users\e\Documents\Unconfirmed 401108.crdownload
[2013/01/20 02:00:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/01/20 02:00:00 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/01/20 01:28:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 01:22:22 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 01:15:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/01/20 01:14:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 01:13:23 | 106,829,992 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/20 01:09:38 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 01:09:38 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 01:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 01:08:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/01/19 11:16:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/18 17:30:14 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/18 17:30:14 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/18 17:15:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/01/17 18:49:36 | 000,725,538 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 15:39:32 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/15 13:00:57 | 000,031,093 | ---- | M] () -- C:\Users\e\Documents\clown.jpg
[2013/01/14 20:33:41 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/13 04:01:32 | 000,536,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 18:58:31 | 000,161,434 | ---- | M] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:54:04 | 000,053,519 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:39 | 000,315,781 | ---- | M] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:32 | 000,909,167 | ---- | M] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:25 | 000,068,117 | ---- | M] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:09 | 000,129,427 | ---- | M] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 15:55:16 | 000,068,405 | ---- | M] () -- C:\Users\e\Documents\hand.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | M] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | M] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | M] () -- C:\Users\e\Documents\self01.jpg
[2013/01/05 22:24:55 | 000,025,184 | ---- | M] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | M] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:56 | 000,027,461 | ---- | M] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:41 | 000,339,877 | ---- | M] () -- C:\Users\e\Documents\insane1.jpg
[2013/01/04 07:25:15 | 000,445,016 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130115-080926.backup
[2013/01/04 03:33:42 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 14:00:35 | 000,172,780 | ---- | M] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | M] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:53 | 000,124,112 | ---- | M] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/24 01:22:35 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/12/23 09:11:19 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/12/23 09:08:40 | 000,169,472 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/20 01:54:14 | 003,074,348 | ---- | C] () -- C:\Users\e\Documents\Unconfirmed 401108.crdownload
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:41:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 15:41:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 15:41:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 15:41:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 15:41:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 13:00:54 | 000,031,093 | ---- | C] () -- C:\Users\e\Documents\clown.jpg
[2013/01/10 18:58:31 | 000,161,434 | ---- | C] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:53:55 | 000,053,519 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:32 | 000,315,781 | ---- | C] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:25 | 000,909,167 | ---- | C] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:24 | 000,068,117 | ---- | C] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:07 | 000,129,427 | ---- | C] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | C] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | C] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | C] () -- C:\Users\e\Documents\self01.jpg
[2013/01/07 14:44:09 | 000,068,405 | ---- | C] () -- C:\Users\e\Documents\hand.jpg
[2013/01/05 22:24:54 | 000,025,184 | ---- | C] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | C] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:55 | 000,027,461 | ---- | C] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:33 | 000,339,877 | ---- | C] () -- C:\Users\e\Documents\insane1.jpg
[2012/12/28 14:00:30 | 000,172,780 | ---- | C] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | C] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:45 | 000,124,112 | ---- | C] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/08/21 03:19:19 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/08/21 03:19:19 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,169,472 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/29 22:08:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Ad-Aware Antivirus
[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/09/26 10:47:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG2012
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 03:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 01:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 01:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 00:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 00:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 01:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 18:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 00:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 09:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 01:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 00:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 01:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 00:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 00:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 01:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 01:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 01:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 01:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 00:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 08:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 00:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 01:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 00:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 01:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 00:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 10:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 00:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 12:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 00:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 00:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 00:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 01:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 00:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 00:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 00:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 00:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 00:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 00:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 13:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 05:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/06 13:54:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/06 13:54:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/19 01:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 03:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2008/02/06 14:02:23 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2008/02/06 14:02:23 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 15:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 15:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 01:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 03:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 06:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 06:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.INI >
[2011/08/21 04:23:06 | 000,003,193 | ---- | M] () MD5=7688D281F98711C6D2CC79227FF85538 -- C:\Program Files\IObit\Advanced SystemCare 4\services.ini

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/10/20 01:33:57 | 000,000,351 | ---- | M] () MD5=2D10EDBB05B7FC4A7C7B8B11652EB395 -- C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\2H96YN6E\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 06:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 06:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2008/08/26 07:12:34 | 000,068,591 | ---- | M] () MD5=1B14D787450BFD63C4FFD990F1200F09 -- C:\Program Files\Spybot - Search & Destroy\Includes(2)\Services.sbs
[2011/03/01 08:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:7578EF04
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7311BB85
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:06178D1C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL log #2:

OTL logfile created on: 1/21/2013 6:15:56 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.49% Memory free
4.21 Gb Paging File | 2.88 Gb Available in Paging File | 68.44% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 178.23 Gb Free Space | 61.88% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\e\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()


========== Services (SafeList) ==========

SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrssweep.sys File not found
DRV - (utq1ndux) -- C:\Windows\system32\Drivers\utq1ndux.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/12 07:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/11 12:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 22:55:14 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/21 05:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/21 05:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Do Not Track = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/16 15:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 06:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:27:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 13:27:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/20 01:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/16 16:04:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 15:41:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 15:41:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 15:39:31 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/13 03:08:09 | 000,000,000 | ---D | C] -- C:\c05960a737139d671f
[2013/01/09 03:07:48 | 000,000,000 | ---D | C] -- C:\32f0ebe972e95259aa8cc8
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe

========== Files - Modified Within 30 Days ==========

[2013/01/21 06:25:51 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/01/21 06:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/01/21 06:15:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/01/21 06:14:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/21 06:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 06:04:03 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 06:04:02 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 06:04:01 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 06:02:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/21 06:02:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/01/21 06:01:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/21 05:57:40 | 000,574,677 | ---- | M] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/21 05:28:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 00:01:49 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/21 00:01:49 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/20 17:57:25 | 106,946,688 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/20 17:15:03 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/01/20 02:26:33 | 000,881,914 | ---- | M] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | M] () -- C:\Users\e\Documents\MBR.dat
[2013/01/20 02:06:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/17 18:49:36 | 000,725,538 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 15:39:32 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/15 13:00:57 | 000,031,093 | ---- | M] () -- C:\Users\e\Documents\clown.jpg
[2013/01/14 20:33:41 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/13 04:01:32 | 000,536,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 18:58:31 | 000,161,434 | ---- | M] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:54:04 | 000,053,519 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:39 | 000,315,781 | ---- | M] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:32 | 000,909,167 | ---- | M] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:25 | 000,068,117 | ---- | M] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:09 | 000,129,427 | ---- | M] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 15:55:16 | 000,068,405 | ---- | M] () -- C:\Users\e\Documents\hand.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | M] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | M] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | M] () -- C:\Users\e\Documents\self01.jpg
[2013/01/05 22:24:55 | 000,025,184 | ---- | M] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | M] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:56 | 000,027,461 | ---- | M] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:41 | 000,339,877 | ---- | M] () -- C:\Users\e\Documents\insane1.jpg
[2013/01/04 07:25:15 | 000,445,016 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130115-080926.backup
[2012/12/28 14:00:35 | 000,172,780 | ---- | M] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | M] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:53 | 000,124,112 | ---- | M] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/24 01:22:35 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/12/23 09:11:19 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/12/23 09:08:40 | 000,169,472 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2013/01/21 05:57:01 | 000,574,677 | ---- | C] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:25:41 | 000,881,914 | ---- | C] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | C] () -- C:\Users\e\Documents\MBR.dat
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:41:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 15:41:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 15:41:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 15:41:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 15:41:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 13:00:54 | 000,031,093 | ---- | C] () -- C:\Users\e\Documents\clown.jpg
[2013/01/10 18:58:31 | 000,161,434 | ---- | C] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:53:55 | 000,053,519 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:32 | 000,315,781 | ---- | C] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:25 | 000,909,167 | ---- | C] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:24 | 000,068,117 | ---- | C] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:07 | 000,129,427 | ---- | C] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | C] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | C] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | C] () -- C:\Users\e\Documents\self01.jpg
[2013/01/07 14:44:09 | 000,068,405 | ---- | C] () -- C:\Users\e\Documents\hand.jpg
[2013/01/05 22:24:54 | 000,025,184 | ---- | C] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | C] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:55 | 000,027,461 | ---- | C] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:33 | 000,339,877 | ---- | C] () -- C:\Users\e\Documents\insane1.jpg
[2012/12/28 14:00:30 | 000,172,780 | ---- | C] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | C] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:45 | 000,124,112 | ---- | C] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,169,472 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/09/26 10:47:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG2012
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV

< End of report >

#7
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
No need to run ADWcleaner again; please look for the log on the C:\ drive. It should be called ADWCleaner[XX].txt.
Click on Start, then Computer, then double-click your C: drive; it should be in there. For the old ComboFix log, please look in the same place:
c:\combofix.txt
Open both .txt files and paste the contents into your next post.


After running ADWcleaner, how is the computer doing?

#8
TheDEvilElvis

    Member

  • Topic Starter
  • 18 posts
Combo fix log

ComboFix 13-01-16.01 - e 01/16/2013 15:45:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1198 [GMT -6:00]
Running from: c:\users\e\Documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Windows Server
c:\users\Administrator\AppData\Local\Windows Server\flags.ini
c:\users\Administrator\AppData\Local\Windows Server\uses32.dat
c:\users\e\cnet2_OrbitDownloaderSetup_exe.exe
c:\users\e\VideoConverterSetup.exe
c:\users\Public\setup.exe
c:\windows\msrresmap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 21:56 . 2013-01-16 22:00 -------- d-----w- c:\users\e\AppData\Local\temp
2013-01-16 21:56 . 2013-01-16 21:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-16 21:56 . 2013-01-16 21:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-16 21:56 . 2013-01-16 21:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-15 11:36 . 2013-01-03 18:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-13 09:08 . 2013-01-13 09:09 -------- d-----w- C:\c05960a737139d671f
2013-01-13 07:24 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 07:21 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-13 07:20 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 09:07 . 2013-01-09 09:09 -------- d-----w- C:\32f0ebe972e95259aa8cc8
2012-12-25 09:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-24 09:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 02:23 . 2012-11-24 06:20 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-13 02:23 . 2011-06-06 23:15 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 15:11 . 2012-11-10 17:08 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-12-14 22:49 . 2012-10-30 02:52 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-19 18:29 . 2012-11-19 18:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-19 18:29 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-13 01:29 . 2012-12-12 01:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-11 13:23 . 2012-11-11 13:22 10997760 ----a-w- c:\windows\sspro.exe
2012-11-11 13:22 . 2012-11-11 13:22 224256 ----a-w- c:\windows\svcreng.dll
2012-11-11 13:22 . 2012-11-11 13:22 590848 ----a-w- c:\windows\utimcache.exe
2012-11-11 13:22 . 2012-11-11 13:22 420352 ----a-w- c:\windows\stidraw32.exe
2012-11-11 13:22 . 2012-11-11 13:22 646144 ----a-w- c:\windows\sysnadr64.exe
2012-11-11 13:22 . 2012-11-11 13:21 3339264 ----a-w- c:\windows\diskediag.exe
2012-11-11 06:33 . 2012-11-11 06:16 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-11-09 10:42 . 2012-12-12 01:40 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-12 01:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-12 01:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-12 01:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-12 01:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-12 01:39 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-12 01:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-02 10:18 . 2012-12-12 01:40 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 01:40 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 150552]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-19 296096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...=2&ver=9.0.872" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^e^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^e^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-03-06 23:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2010-10-27 17:44 328992 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FamilyCyberAlert]
2012-05-02 04:26 1715872 ----a-w- c:\windows\System32\FCA\Syslogin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FCACheck]
2012-01-03 06:30 32416 ----a-w- c:\windows\System32\FCA\FCACheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 21:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 06:18 6276408 ----a-w- c:\users\e\AppData\Roaming\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-17 06:19 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 16:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2000-01-01 00:00 10996368 ------w- c:\program files\REALTEK\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 23:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\e\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ISUSPM"=c:\programdata\FLEXnet\Connect\11\ISUSPM.exe -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2397933872-373845246-1896838716-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2397933872-373845246-1896838716-1002]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2397933872-373845246-1896838716-500]
"EnableNotificationsRef"=dword:00000001
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
rsmsvcs REG_MULTI_SZ ntmssvc
svcboot_joobidf REG_MULTI_SZ svcboot_joobidf
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-24 02:23]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 11:20]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 11:20]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
- c:\users\e\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:30]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
- c:\users\e\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:30]
.
2012-12-24 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2012-10-14 21:29]
.
2013-01-16 c:\windows\Tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
- c:\windows\system32\msfeedssync.exe [2012-12-12 07:12]
.
2013-01-16 c:\windows\Tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
- c:\windows\system32\msfeedssync.exe [2012-12-12 07:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=80f63e00-aeef-4b0b-89b5-44c28b14a04c&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{0a80cff8-ccdb-4ef9-96c3-41cdde184adb} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
Notify-WgaLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\e\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 15:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\w7Svc]
"ImagePath"="c:\program files\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-16 16:04:32
ComboFix-quarantined-files.txt 2013-01-16 22:04
.
Pre-Run: 187,597,778,944 bytes free
Post-Run: 187,993,210,880 bytes free
.
- - End Of File - - 95D72F8B97B251E1DA04DFD55E601192

Cleaner log


# AdwCleaner v2.106 - Logfile created 01/21/2013 at 05:59:59
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : e - SQUEEKYPETE
# Boot Mode : Normal
# Running from : C:\Users\e\Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****

Key Deleted : HKCU\Software\5ce8adee23cbe44
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

-\\ Opera v [Unable to get version]

*************************

AdwCleaner[S1].txt - [5040 octets] - [21/01/2013 05:59:59]

########## EOF - C:\AdwCleaner[S1].txt - [5100 octets] ##########
#9
TheDEvilElvis

    Member

  • Topic Starter
  • 18 posts
This is short because my PC keeps freezing a few minutes after boot and I wanted to get you the logs.
#10
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
Let's run one more tool, then fix your antivirus issues. I am hoping that the freezing stops once we sort out your AV programs.

Step 1
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2
You have multiple anti virus programs, adaware AV and AVG. I personally don't like either one of these, especially AVG. I recommend that you uninstall both and go with either Microsoft Security Essentials

First download Microsoft Security Essentials from here to your desktop, but do not install it yet
Next I want you to download the removal tools for both of your AV programs, but again, do not run them yet. Adaware removal tool is here, and the AVG removal tool is here. Put both of these tools on your desktop.

Next - please Uninstall Adaware Antivirus, click on Start, then Control Panel, then click on Programs and Features, then uninstall Adaware Antivirus
If your computer wants to reboot, then let it. Run the Adaware removal tool you downloaded previously, by right clicking on the icon and selecting Run as Administrator. Again if asked to reboot, please do so.

Next - please go back to Programs and Features and uninstall AVG. If asked to reboot, please do so. After AVG is uninstalled please run the AVG removal tool that you downloaded previously, by right clicking on the icon and selecting Run as Administrator and reboot your computer if necessary.

Last, please run the Microsoft Security Essentials installer that you have previously downloaded - let it install and follow the instructions on the screen.

In your next reply I would like to see:
  • Roguekiller log file
  • How is the computer running now?

#11
TheDEvilElvis

    Member

  • Topic Starter
  • 18 posts
I downloaded the Microsoft Security Essentials and the AVG removal tool, but the Adaware link was no good. I thought about downloading one from CNET but figured I better let you tell me which one you want me to use.

Here is my RogueKiller log:

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : e [Admin rights]
Mode : Scan -- Date : 01/22/2013 07:50:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] OAS Integration : C:\Users\Administrator\AppData\Local\Temp\MATS-Temp\IXPax1ilugf.wlb\MATSWiz.exe -url "hxxp://windowshelp.microsoft.com/Windows" -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{A87C4F92-C679-4A53-9881-D19FF654A724} : NameServer (172.28.221.53 172.28.221.54) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD321KJ ATA Device +++++
--- User ---
[MBR] 3e4966fea1881fdb9ee5d9c9deadc0bd
[BSP] 69a577cfd462274758ec500c84e5c42e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01222013_02d0750.txt >>
RKreport[1]_S_01222013_02d0750.txt
#12
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Yes, I am always leery of that CNET downloader; I would not want to use it myself.
Go to this page here and just below the green download now button is a text link - Direct Download Link - try that one.
#13
TheDEvilElvis

    Member

  • Topic Starter
  • 18 posts
Adaware was not in my programs (that I could find). I uninstalled AVG but still can't get rid of that stupid AVG Tune Up Pro, that I wish someone had stuck somewhere. Should I install the Microsoft Security Essentials anyway?

Crowbar, thanks for all your help also. I really appreciate it. I'm going to be away from my PC for about an hour or so, I'll check this out then.
#14
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
I will be off and on throughout the day, and I will keep an eye out for your posts the best that I can. I'd love to make some progress on this today, and have you feeling good about your computer as soon as possible :cool:

Did you run the adaware removal tool anyways? I recommend that you go ahead and do it if you have not yet. After that runs, please run the security check program again.

Don't worry, we will get rid of that tune up program, I just want to make sure your security is up to par before we get tied up in removing that annoyance.
#15
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Just want to clarify that I do not want you to install any other antivirus programs until we are sure that you have fully uninstalled the AVs that are currently on your system now. Multiple AVs can cause system instability similar to the symptoms you are experiencing now.
So to answer your question about the Microsoft AV, the answer is to wait until both the removal tools are successfully run.